Tightening IT Security Management in Light of Lapses Highlighted in Auditor-General's Report

72 Assoc Prof Daniel Goh Pei Siong asked the Prime Minister whether the Government will consider having the Cyber Security Agency to lead a whole-of-Government exercise to review and tighten IT security management and monitoring in light of the Auditor-General's findings on lapses in IT security at several agencies, especially those handling sensitive personal and financial information.

Mr Lee Hsien Loong: The Cyber Security Agency (CSA) oversees national cybersecurity strategy, operations and ecosystem development. CSA works closely with regulators across eleven sectors to protect Critical Information Infrastructure from cyber threats. Among the eleven sectors, GovTech oversees the Government sector.

In its report released on 18 July 2017, the Auditor-General's Office observed weaknesses in information technology (IT) controls in four agencies. As far as we are aware, these lapses did not lead to any compromise of data or cybersecurity breach. The agencies will follow up with corrective action.

To safeguard our systems and the data within, we regularly update and strengthen our IT policies. We conduct regular internal audits across the Public Service to identify shortcomings for remediation. Going forward, we will increase the number of audits, especially for the more critical and sensitive systems.